[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx>
Date: Wed, 14 Jan 2015 11:31:36 +0100
Cc: Tim Deegan <tim@xxxxxxx>, Keir Fraser <keir@xxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Ed White <edmund.h.white@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Wed, 14 Jan 2015 10:31:43 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Wed, Jan 14, 2015 at 8:04 AM, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>>> Ed White <edmund.h.white@xxxxxxxxx> 01/13/15 10:32 PM >>>
>>On 01/13/2015 12:45 PM, Andrew Cooper wrote:
>>> On 13/01/15 20:02, Ed White wrote:
>>>> The set of mfn's is the same, but I do allow gfn->mfn mappings to be
>>>> modified under certain circumstances. One use of this is to point the
>>>> same VA to different physical pages (with different access permissions)
>>>> in different p2m's to hide memory changes.
>>>
>>> What is the practical use of being able to play paging tricks like this
>>> behind a VMs back?
>>
>>I'm restricted in how much detail I can go into on a public mailing list,
>>but imagine that you want a data read to see one thing and an instruction
>>fetch to see something else.
>
> How would that work? There can only be one P2M in use at a time, and that's
> used for both translations. Or are you saying at least one of the two accesses
> would be emulated nevertheless?
>
> Jan

I can see it working by having data fetch access to a page trapped via
mem_access, while instruction fetch is not. This would be very handy
when doing stealthy debugging where the presence of breakpoints should
be hidden from the guest. With this technique it is possible to
present a copy of the page to the data fetch that has no breakpoints
in it, as done for example in this paper:
http://friends.cs.purdue.edu/pubs/ACSAC13.pdf.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
  - From: Ed White
- Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
  - From: Ed White
- Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
  - From: Ed White
- Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH v3 07/19] libxl: x86: factor out e820_host_sanitize
Next by Date: Re: [Xen-devel] Outstanding OSSTEST patch series
Previous by thread: Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
Next by thread: Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.